<html>
<head><meta charset="utf-8"><title>Just how bad is a data race *really*? · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html">Just how bad is a data race *really*?</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="209578782"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209578782" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209578782">(Sep 09 2020 at 22:59)</a>:</h4>
<p>So in versions of SDL2 <em>prior</em> to 2.0.14 (the upcoming version), there's the following things all at once:</p>
<ul>
<li>A global static buffer of 1024 bytes used to store error messages from the API. On error, the API writes to the buffer and the function returns an int which indicates "go check the error buffer for more info".</li>
<li>A general warning that the API isn't thread safe and should only be used from the main thread.</li>
<li>Except for the sound system which is explicitly intended to be multi-threaded.</li>
<li>The sound system can still generate error strings from the other thread it lives in.</li>
</ul>
<p>Careful readers will note that we have all the makings of a potential data race!</p>
<p>However, I can't change SDL2 itself, it's already installed too many places. While they are finally fixing it in the next release, sometimes people don't update immediately.</p>
<p>So what I'd like to know is: what exactly what is the <em>likely</em> practical effect in this situation if a data race does occur? Yes, I know it's UB and you can't predict precisely and so on, but I'd like to know anyway.</p>
<p>It seems like, and this could be naive, the byte buffer always has <em>some</em> bytes in it. Regardless of the precise bytes, there are bytes <em>at all</em>. So if you copy the error buffer into a <code>Vec&lt;u8&gt;</code>, then you'll get <em>something</em>, even if it's not the intended message, right?</p>
<p>Because if so, if a garbage message is the worst that can really happen, then that does feel like an acceptable level of UB risk, as heretical as that may seem. At least until people move to next version of SDL2.</p>



<a name="209579194"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209579194" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209579194">(Sep 09 2020 at 23:04)</a>:</h4>
<p>If it's already compiled, then you can verify that the compiler hasn't done any funny business with the UB and then you only have to worry about hardware behavior in the presence of data races, rather than language UB</p>



<a name="209579276"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209579276" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209579276">(Sep 09 2020 at 23:04)</a>:</h4>
<p>In the case of x86, you get some pretty good guarantees, that amount to what you say - you will get garbage at worst</p>



<a name="209579618"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209579618" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209579618">(Sep 09 2020 at 23:09)</a>:</h4>
<p>Language UB becomes more important if you want to compile the code several times with different versions of the compiler or different target architectures. In that case you should probably stay appraised of any changes that could potentially exploit this, but if it's a global problem then the optimizer is unlikely to have any interesting effect until it grows some general AI. (Someone please correct me if this is not the case.)</p>



<a name="209579639"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209579639" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209579639">(Sep 09 2020 at 23:09)</a>:</h4>
<p>In short, you are programming to compiler-as-written rather than the language spec</p>



<a name="209608622"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209608622" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209608622">(Sep 10 2020 at 08:26)</a>:</h4>
<blockquote>
<p>It seems like, and this could be naive, the byte buffer always has some bytes in it. Regardless of the precise bytes, there are bytes at all. So if you copy the error buffer into a Vec&lt;u8&gt;, then you'll get something, even if it's not the intended message, right?</p>
</blockquote>
<p>You will get a poison value, which behaves weird. For example if you compare it twice to <code>0</code> you can get different results. If you match on it you could have zero or multiple match arms that get executed, etc. This happens because the compiler may assume that the loaded memory doesn't change and as such can for example directly load from it again rather than spilling the value to the stack when there is register pressure.</p>



<a name="209609642"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209609642" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209609642">(Sep 10 2020 at 08:37)</a>:</h4>
<p>That's still at the compiler level though, right? That's an LLVM thing, not an x86/ARM thing</p>



<a name="209609673"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209609673" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209609673">(Sep 10 2020 at 08:37)</a>:</h4>
<p>Yes</p>



<a name="209609767"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209609767" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209609767">(Sep 10 2020 at 08:38)</a>:</h4>
<p>so as long as your code is sufficiently "real" as to defeat the optimizer, the hardware isn't licensed to take advantage of the UB</p>



<a name="209609800"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209609800" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209609800">(Sep 10 2020 at 08:39)</a>:</h4>
<p>Even when using a fixed compiler, you can't guarantee that certain optimizations are not performed. Especially with LTO any change to code of any crate can affect optimization of any other piece of code.</p>



<a name="209609994"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209609994" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209609994">(Sep 10 2020 at 08:41)</a>:</h4>
<p>Are there any actual LLVM optimizations that could allow it to deduce that the value is poison and not just something unknown?</p>



<a name="209610622"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209610622" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209610622">(Sep 10 2020 at 08:48)</a>:</h4>
<p>No, but that is not necessary. LLVM optimizes based on the assumption that is not poison, so it can change</p>
<div class="codehilite"><pre><span></span><code><span class="k">static</span><span class="w"> </span><span class="n">ERROR</span>: <span class="kt">u32</span> <span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"></span>

<span class="k">fn</span> <span class="nf">maybe_handle_error</span><span class="p">(</span><span class="n">ok</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">(),</span><span class="w"> </span><span class="n">err</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">())</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">ERROR</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">ok</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">err</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>


<p>to</p>
<div class="codehilite"><pre><span></span><code><span class="k">static</span><span class="w"> </span><span class="n">ERROR</span>: <span class="kt">u32</span> <span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"></span>

<span class="k">fn</span> <span class="nf">maybe_handle_error</span><span class="p">(</span><span class="n">ok</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">(),</span><span class="w"> </span><span class="n">err</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">())</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">ERROR</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">ok</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">ERROR</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">err</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>


<p>which would call <code>ok</code> <strong>and</strong> <code>err</code> if <code>ERROR</code> changes from 0 to something else. Or it could change</p>
<div class="codehilite"><pre><span></span><code><span class="k">static</span><span class="w"> </span><span class="n">ERROR</span>: <span class="kt">u32</span> <span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"></span>

<span class="k">fn</span> <span class="nf">foo</span><span class="p">(</span><span class="n">f</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">(),</span><span class="w"> </span><span class="n">err</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">())</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="kd">let</span><span class="w"> </span><span class="n">error</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ERROR</span><span class="p">;</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">error</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">err</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="w">    </span><span class="n">f</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">error</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">err</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>


<p>to</p>
<div class="codehilite"><pre><span></span><code><span class="k">static</span><span class="w"> </span><span class="n">ERROR</span>: <span class="kt">u32</span> <span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"></span>

<span class="k">fn</span> <span class="nf">foo</span><span class="p">(</span><span class="n">f</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">(),</span><span class="w"> </span><span class="n">err</span>: <span class="nc">impl</span><span class="w"> </span><span class="nb">FnOnce</span><span class="p">())</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">ERROR</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">err</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="w">    </span><span class="n">f</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="k">if</span><span class="w"> </span><span class="n">ERROR</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="n">err</span><span class="p">();</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>


<p>if for example <code>f</code> was inlined and <code>f</code> is big enough to necessitate <code>error</code> being spilled. The changed example could call <code>err()</code> once while before it was always zero or two times.</p>



<a name="209610989"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209610989" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209610989">(Sep 10 2020 at 08:52)</a>:</h4>
<p>Do you think it is possible / reasonable to write code that is resistant to this kind of code manipulation when a particular value is suspected to be poison?</p>



<a name="209611199"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209611199" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> bjorn3 <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209611199">(Sep 10 2020 at 08:55)</a>:</h4>
<p>Using atomic or volatile loads/stores may trick LLVM enough. If SDL participates in LTO, LLVM may still be able to see that there are non-atomic accesses, but SDL likely doesn't participate in LTO.</p>



<a name="209624265"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209624265" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jubilee <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209624265">(Sep 10 2020 at 11:18)</a>:</h4>
<p>A volatile is definitely going to mess with LLVM's head, it can't really optimize around them. <a href="https://github.com/rust-lang/rust/issues/74476">https://github.com/rust-lang/rust/issues/74476</a> ( since the entire point of volatile is a marker for PhantomData&lt;The Entire World&gt;. )</p>



<a name="209634139"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209634139" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209634139">(Sep 10 2020 at 12:56)</a>:</h4>
<p>Upon closer inspection it seems that SDL2 has been using the thread-local storage error buffer for longer than I thought at first, so this particular worry can be put behind us.</p>
<p>(But feel free to muse on the possibilities I suppose.)</p>



<a name="209756803"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209756803" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209756803">(Sep 11 2020 at 09:10)</a>:</h4>
<p><span class="user-mention silent" data-user-id="271719">Mario Carneiro</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F/near/209610989">said</a>:</p>
<blockquote>
<p>Do you think it is possible / reasonable to write code that is resistant to this kind of code manipulation when a particular value is suspected to be poison?</p>
</blockquote>
<p>possible, maybe. reasonable, no. at that point you are basically working against the compiler instead of with it.</p>



<a name="209756831"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209756831" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209756831">(Sep 11 2020 at 09:11)</a>:</h4>
<p><span class="user-mention silent" data-user-id="281757">Jubilee</span> <a href="#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F/near/209624265">said</a>:</p>
<blockquote>
<p>A volatile is definitely going to mess with LLVM's head, it can't really optimize around them. <a href="https://github.com/rust-lang/rust/issues/74476">https://github.com/rust-lang/rust/issues/74476</a> ( since the entire point of volatile is a marker for PhantomData&lt;The Entire World&gt;. )</p>
</blockquote>
<p>unfortunately, LLVM doesn't guarantee that though -- while I think LLVM could just document "volatile reads never yield <code>poison</code> or <code>undef</code>" without any cost (from what I know, they are already complying with that stricter spec), they don't want to do that. :/</p>



<a name="209756844"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209756844" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209756844">(Sep 11 2020 at 09:11)</a>:</h4>
<p>see <a href="https://bugs.llvm.org/show_bug.cgi?id=42435">https://bugs.llvm.org/show_bug.cgi?id=42435</a></p>



<a name="209756917"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209756917" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209756917">(Sep 11 2020 at 09:12)</a>:</h4>
<p>maybe there are better ways to persuade them of this than the bugtracker, not sure; I gave up on this for now and just live with this LLVM idiosyncrasy (it's not the only one^^)</p>



<a name="209780964"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just%20how%20bad%20is%20a%20data%20race%20%2Areally%2A%3F/near/209780964" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jubilee <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Just.20how.20bad.20is.20a.20data.20race.20*really*.3F.html#209780964">(Sep 11 2020 at 13:33)</a>:</h4>
<p>I should have said "does not" rather than "cannot", yeah.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>